1. Module sprawl without ownership boundaries

When every team edits shared modules freely, blast radius grows and release confidence drops. Assign module ownership and define change contracts.

2. Shared state misuse and lock contention

Large teams often overload a single state backend and mix unrelated workloads. Split by environment and capability to reduce coupling and contention risk.

3. Manual console changes that bypass IaC

Console edits may unblock short-term incidents but create hidden drift. Track and reconcile drift quickly, then lock down high-risk resources.

4. Weak review pipelines for infrastructure changes

  • Require plan artifacts for review.
  • Enforce policy checks in CI.
  • Use environment promotion instead of ad-hoc production applies.
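
One way to implement the CI policy check on a plan artifact, as an added example that is not part of the original article: the script reads the JSON form of a saved plan (as produced by `terraform show -json`) and fails when a high-risk resource would be destroyed or replaced without reviewer approval. The `HIGH_RISK_TYPES` list, the `approved` set, the function names and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumed policy: resource types whose destruction needs explicit sign-off.
HIGH_RISK_TYPES = {"aws_db_instance", "aws_kms_key", "aws_s3_bucket", "aws_iam_role"}

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.network.aws_subnet.private[0]", "type": "aws_subnet",
         "change": {"actions": ["update"]}},
        {"address": "module.data.aws_db_instance.orders", "type": "aws_db_instance",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_s3_bucket.audit_logs", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"]}},
        {"address": "aws_iam_role.ci_runner", "type": "aws_iam_role",
         "change": {"actions": ["no-op"]}},
        {"address": "aws_instance.bastion", "type": "aws_instance",
         "change": {"actions": ["delete"]}},
    ],
})


def check_plan(plan_json, approved=frozenset()):
    """Return (address, kind) for each high-risk resource the plan deletes or
    replaces and whose address is not in the reviewer-approved set."""
    plan = json.loads(plan_json)
    violations = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue  # create, update, read and no-op destroy nothing
        if rc.get("type") not in HIGH_RISK_TYPES or rc.get("address") in approved:
            continue
        # A replacement appears as delete and create together, in either order.
        kind = "replace" if "create" in actions else "destroy"
        violations.append((rc.get("address"), kind))
    return violations


def ci_exit_code(plan_json, approved=frozenset()):
    """Print findings and return the status a CI step would exit with."""
    violations = check_plan(plan_json, approved)
    for address, kind in violations:
        print(f"POLICY FAIL: {kind} of high-risk resource {address}")
    return 1 if violations else 0


if __name__ == "__main__":
    print("CI exit status:", ci_exit_code(SAMPLE_PLAN))
```

In a pipeline, the approved set would come from the pull request review (for example, addresses listed by the module owner), so a destructive change to a protected resource cannot reach apply without a named sign-off.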

5. Practical remediation sequence

  • Inventory modules and ownership.
  • Define state segmentation strategy.
  • Standardize pull request policy for plan/apply workflows.
  • Schedule focused drift cleanup sprints.
